Verytops/verydows

Verytops/verydows

demo.verydows.com

Releases0

Stars433

B2C商城系统 PC端+H5移动端 + 微信端快速为你构建自己的商城系统

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-29394 ↗	Apr 9, 2025Wednesday, 9 April 2025, 16:15	8.1 HIGH	—
An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type.
CVE-2020-23363 ↗	May 9, 2023Tuesday, 9 May 2023, 16:15	8.8 HIGH	—
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
CVE-2022-28058 ↗	Apr 26, 2022Tuesday, 26 April 2022, 21:15	8.1 HIGH	5.5 MEDIUM
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
CVE-2022-28059 ↗	Apr 26, 2022Tuesday, 26 April 2022, 21:15	8.1 HIGH	5.5 MEDIUM
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
CVE-2019-8363 ↗	Feb 16, 2019Saturday, 16 February 2019, 22:29	—	4.3 MEDIUM
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-7753 ↗	Feb 12, 2019Tuesday, 12 February 2019, 12:29	—	4.3 MEDIUM
Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.
CVE-2019-7737 ↗	Feb 11, 2019Monday, 11 February 2019, 21:29	—	6.8 MEDIUM
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.